Things to Know About Phishing Attack
“Phishing” is a fraudulent practice used to manipulate you into giving up your sensitive or confidential information. Phishing is one of the forms of social engineering, and it is not technically a hack. It refers to and sounds similar to “fishing”, as it relates to the act of fishing for someone’s credit card numbers and passwords.
How Does Phishing Occur?
Phishing scams exploit security and software weaknesses on the server side and client side. However, even high-tech scams work similarly to old-school con jobs, where a trickster convinces their target that they are reliable and trustworthy. Most individuals will not easily divulge their bank account details to a random person, so phishers take more sophisticated steps to trick you into revealing such information. This type of deceptive tactic is known as “social engineering”.
Phishing can happen through multiple channels, but most cases of phishing involve the use of telephone, e-mail messages, and websites. Phishers tend to use real logos and copies of valid emails. They use the copy links to direct the target to a fake webpage. Recreating the look of an official email message is only a part of this process.
Most phishing scams prompt the target to do something right away, and these usually threaten them with account cancellation should they fail to reply promptly. Some scams thank the message recipient for buying something which they have never even bought of purchasing. However, such psychological threat as mentioned above causes the target to do something to prevent losing that account.
Ways to Protect Against Phishing
At the center of this social engineering attack is often the failure to easily identify each other. Computers are also usually not created by considering authentication issues, and properly validating cryptographic signature patterns takes a considerable amount of effort.
Phishing attackers send emails that look legit and that can come usually from government organizations, financial institutions, well-known brands, or even contest companies. These emails will ask you to click on a link, which will most likely lead you to their website. There, you will also possibly be asked to fill out a web form. Such a website will look real enough and might ask for card details, passwords or general information to be used in identity fraud schemes. There are programs to defend against email phishing, but those are not widely available as yet. As a general rule, you should never click on links in your emails, particularly the ones in unexpected correspondence.
It can be difficult to verify the identity of a caller. Spoofing numbers that appear on caller ID is easy, so even when the authorized person’s number is saved in the device, there is still the possibility that the caller is not who they claim they are. Calling back the last number is the only way to know that it belongs to that caller, but in spite of that, verifying the number in a telephone directory or online is important. Government or bank agents will hardly ever contact you to ask for personal information, such as credit card numbers or passwords. If they do, it is a warning sign that that caller is a phisher. Due to the increasing cases of phishing, banks, in particular, have notified their customers not to divulge such data to third-parties.
Websites used for phishing usually mimic a site which the target regularly visits. These sites might also be used to deceive you into contacting a fake customer service number or solicit card details from you. The phishing targets are usually guided to the illegitimate websites through 3 main channels: via ads, via emails, and via search engine results.
Advice: To not fall victim to one such website, always check the URL whenever you are about to visit it. Ideally, you should bookmark legitimate websites, and visit these only through those recorded addresses in your browser.